Security researchers have revealed a novel threat dubbed “SnailLoad” that is been tracked as CVE-2024-39920. This side-channel attack exploits a vulnerability in the TCP, potentially allowing attackers to remotely monitor a user’s web activity, including visited websites and streamed videos.
The vulnerability exploits a timing side channel within the TCP protocol, as specified in RFC 9293. This timing side channel enables remote attackers to deduce the content of a TCP connection from a client system to any server when that client system is simultaneously receiving TCP data at a slow rate from an attacker-controlled server. The attack operates by measuring round-trip times (RTTs) through TCP segments that provide an acknowledgment control bit and an acknowledgment number.
The major aspect is its ability to leverage the inherent bandwidth bottleneck persist while it connects to the internet, which in turn affects the latency of network packets, allowing an attacker to infer ongoing network activities, such as the websites a user visits or the videos they watch.
The attack is currently unlikely to be exploited in the wild. Addressing the root cause of SnailLoad is challenging, as it relies on fundamental differences in bandwidth between backbone networks and individual user connections. Disabling TCP ACKs, which are crucial for reliable data transmission, is not a viable solution. Further research is needed to develop effective mitigations.
While there are no immediate fixes, staying informed about this emerging threat is essential. Be cautious of suspicious network activity and prioritize security standards, baselines, and best practices.
